Month: September 2016

While using Burp Suite 1.7.03, I accidentally (luckily, though!!) clicked on the Burp Suite documentation, where I noticed “Burp Clickbandit”.

So, what is Burp Clickbandit? Burp’s documentation states:

Burp Clickbandit is a tool for generating clickjacking attacks. When you have found a web page that may be vulnerable to clickjacking, you can use Burp Clickbandit to create an attack, and confirm that the vulnerability can be successfully exploited.

Manually crafting a proof of concept attack can mean laborious hours of offset-tweaking, so we’ve just released Burp Clickbandit, a point-and-click tool for generating clickjacking attacks.

Clickjacking, or a “UI redress attack”, is an attack in which an attacker lures a victim into clicking on the attacker’s page without the victim’s consent, because only the crafted website is visible to the victim (it is superimposed over the attacker’s page!).
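Whether a page can be clickjacked at all depends on whether the browser will render it inside another site's frame, which the response's Content-Security-Policy frame-ancestors directive and X-Frame-Options header decide. The following JavaScript is an added example, not part of the original post or of Burp Suite; it classifies a response's headers, and the function name, sample headers and partner.example origin are constructed for illustration.

```javascript
// Added example (not from the original post or from Burp Suite).
// Input: array of [name, value] response-header pairs; duplicate names allowed.
// Output: "blocked", "restricted" (same-origin or listed ancestors only) or
// "frameable" (any site can frame the page, the precondition for clickjacking).
function framingPolicy(headers) {
  const values = (name) => headers
    .filter(([n]) => n.toLowerCase() === name)
    .flatMap(([, v]) => v.split(","))
    .map((v) => v.trim())
    .filter(Boolean);

  // 1. CSP frame-ancestors. If any enforced policy has it, X-Frame-Options is ignored.
  const verdicts = [];
  for (const policy of values("content-security-policy")) {
    for (const directive of policy.split(";")) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() !== "frame-ancestors") continue;
      const list = sources.map((s) => s.toLowerCase()).filter((s) => s !== "'none'");
      if (list.length === 0) verdicts.push("blocked");
      else if (list.some((s) => ["*", "http:", "https:"].includes(s))) verdicts.push("frameable");
      else verdicts.push("restricted");
      break; // a repeated directive inside one policy is ignored
    }
  }
  // Every policy must allow the ancestor, so the strictest verdict wins.
  if (verdicts.length) {
    return ["blocked", "restricted", "frameable"].find((v) => verdicts.includes(v));
  }

  // 2. X-Frame-Options, following the HTML Standard's handling of repeated values.
  const xfo = new Set(values("x-frame-options").map((v) => v.toLowerCase()));
  if (xfo.has("deny")) return "blocked";
  if (xfo.size > 1 && (xfo.has("sameorigin") || xfo.has("allowall"))) return "blocked";
  if (xfo.size === 1 && xfo.has("sameorigin")) return "restricted";
  return "frameable"; // absent, ALLOW-FROM or unrecognised: no protection
}

// Constructed sample responses (not captured from any real site).
const SAMPLES = {
  noHeaders: [["Content-Type", "text/html"]],
  allowFrom: [["X-Frame-Options", "ALLOW-FROM https://partner.example"]],
  conflicting: [["X-Frame-Options", "SAMEORIGIN"], ["X-Frame-Options", "ALLOWALL"]],
  cspOverridesXfo: [["X-Frame-Options", "DENY"],
    ["Content-Security-Policy", "default-src 'self'; frame-ancestors https://partner.example"]],
  cspNone: [["Content-Security-Policy", "frame-ancestors 'none'"]],
};
for (const [label, headers] of Object.entries(SAMPLES)) {
  console.log(label.padEnd(16), framingPolicy(headers));
}
```

A "frameable" verdict only says that the headers permit framing; script-based frame busting and whether a sensitive action is reachable by a click are not evaluated here.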

Burp Clickbandit is a tool that lets you generate proofs of concept quickly: it detects the HTML elements (<p>, <img>, <div>, etc.) that are clicked and uses their dimensions and position to generate the relevant click area. To prevent inaccuracy where iframes or Flash objects are encountered, it also uses the mouse’s x and y coordinates, along with zooming into the object, to provide the click area.

Burp Clickbandit

The tool has the following features, as quoted by PortSwigger:

Supports multi-click attacks

Written in pure JavaScript, and trivial to deploy

Supports transparency, clearly showing the attack mechanics

Works on most websites!

In order to run this tool, follow the instructions below:

Record Mode: When you run the script in the browser’s console on the target website, the script’s iframe loads the target website (www.certifiedhacker.com) and asks you to record the click (or string of clicks) over HTML elements. This step plans how the victim’s click(s) will be hijacked.

Review Mode: After you select the desired objects where the action has to be performed, the tool places the click over the superimposed target website (www.certifiedhacker.com), and when the victim clicks the desired click area, the attack is successful. See the slideshow for reference.

The following commands are available in review mode:

The + and – buttons can be used to zoom in and out.

The “toggle transparency” button lets you show or hide the original page UI.

The “reset” button restores the generated attack, as it was before any further clicks were made.

The “save” button saves an HTML file containing the attack. This can be used as a real-world exploit of the clickjacking vulnerability.

You can use the keyboard arrow keys to reposition the attack UI if it is not correctly aligned with the original page UI.


Hope these features improve your experience of using the awesome Burp Suite tool. Please let me know if I can improve any part of this technical write-up.

If you are facing a Diffie-Hellman key issue, you can go to the about:config tab and set the following parameters to false:

security.ssl3.dhe_rsa_aes_128_sha

security.ssl3.dhe_rsa_aes_256_sha

Hope these solutions improve your experience of using the awesome Burp Suite tool. Please let me know if I can improve any part of this technical write-up or consolidate more solutions for day-to-day issues with Burp.